From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Brian Crowell <brian(at)fluggo(dot)com> |
Cc: | "pgsql-general(at)postgresql(dot)org >> PG-General Mailing List" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: GSSAPI/SSPI and mismatched user names |
Date: | 2014-02-24 19:06:01 |
Message-ID: | 20140224190601.GP2921@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
* Brian Crowell (brian(at)fluggo(dot)com) wrote:
> On Mon, Feb 24, 2014 at 12:55 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > * Brian Crowell (brian(at)fluggo(dot)com) wrote:
> >> https://github.com/npgsql/Npgsql/issues/162#issuecomment-35916650
> >
> > Reading through this- can't you use GSSAPI to get the Kerberos princ
> > found the ticket which is constructed? I'm pretty sure the MIT
> > libraries support that, at least...
>
> I expected I might be able to do that on Linux, but right now I'm
> trying to work out the Windows non-domain case.
I'm afraid you're going to need to try harder to find out how to get the
Windows GSSAPI/SSPI code to give you the princ. I was actually pretty
sure that GSSAPI defined a way, but I don't know the Windows side of it
or if they decided to not bother implementing parts of GSSAPI.
> Unfortunately, in this case I don't even have a wrong-cased username
> to start with. I have the user name of the logged-in non-domain user,
> which is not the user name of the domain credentials I'm sending
> across the network.
You're going to need to figure out how to tell PG what PG user you want
to log in as in the initial packet.
> > We need the username to figure out which auth method we're using...
>
> Oh dear.
Exactly- this is not something we can solve with a little bit of
tweaking...
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Brian Crowell | 2014-02-24 19:41:06 | Re: GSSAPI/SSPI and mismatched user names |
Previous Message | Brian Crowell | 2014-02-24 18:59:37 | Re: GSSAPI/SSPI and mismatched user names |